Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
Researchers have published working exploit code for the Ivanti Sentry CVE-2023-38035 flaw.
The group reused its infrastructure in attacks against internet infrastructure and healthcare organizations in the U.S. and UK, allowing researchers to unearth details about its newest malware tools.
Ivanti on Tuesday said it “has been informed that CVE-2023-38035 was exploited after exploiting CVE-2023-35078 and CVE-2023-35081.”
The makers of WinRAR have released a new version that fixes a serious remote code execution flaw (CVE-2023-4407) in the compression utility.
At Black Hat USA, Greg Notch, CISO at Expel, talked about his previous experiences as the former NHL CISO and how to effectively communicate security risk at the board level.
A new version of the macOS XLoader malware has been observed.
Researchers said they observed new tactics being used by the well-known ransomware group in attacks against a critical infrastructure entity in the U.S. and an IT integrator in Latin America.
The ShareFile flaw could allow unauthenticated attackers to remotely compromise the customer-managed ShareFile storage zone controller.
A newly identified phishing campaign is targeting Zimbra Collaboration users around the world.
One of the more serious flaws in Ivanti's enterprise mobile device management platform could allow unauthenticated, remote attackers to execute code.
Mandiant has released a scanner to identify appliances that have been compromised through exploitation of CVE-2023-3519.
At Black Hat USA last week, John Checco, resident CISO at Proofpoint, talked about the new SEC cyber rule and its impact for CISOs.
The U.S. government wants product manufacturers to treat the security of customers as a core business requirement, but there are still challenges that need to be tackled.
A detailed analysis of the activities of the Lapsus$ hacking group by the Cyber Safety Review Board shows that a focus on the basics and better usage of IAM and MFA technologies are highly effective defenses.